DRN-5973538

The complaint Ms R complains that Santander UK Plc (‘Santander’) restricted her account and made repeated and excessive requests for information when conducting a review. What happened The details of this complaint are well known by both parties, so I won’t repeat them again here in detail. Instead, I’ll focus on setting out some of the key facts and on giving my reasons for my decision. In May 2025, Ms R phoned Santander because she was unable to make a payment from her account. During the call, Santander informed Ms R that a Know Your Customer (KYC) review needed to be completed, before the restriction could be lifted. Ms R was advised the call would take around 30 minutes – so Ms R agreed to continue with it. She also informed Santander that she was scheduled to attend an online course and needed the call to be concluded swiftly. During the call, Santander asked Ms R a number of questions as part of its KYC review. The call was lengthy and Ms R missed the start of her course. Ms R made a formal complaint because she was unhappy with Santander’s processes, the extent of its enquiries and the amount of time the call had taken. Ms R felt the questions Santander asked were repetitive, intrusive and the process caused her distress and inconvenience because her account was restricted and she needed to make a payment for her rent. Ms R added that she’d provided information to Santander in 2024 as part of a previous KYC review, so it should have already had most of the information it was asking her about on file. Santander issued its final response at the beginning of May 2025. It confirmed the information requests as part of its KYC review were necessary for it to complete its checks and to ensure the information it held was accurate and up to date. A further complaint was subsequently made by Ms R. She expressed concern about how the data Santander collected about her was going to be used and she considered Santander should reimburse $1,597 for the cost of her course, because she’d missed a significant part of it, which meant she was unable to follow the remainder of the content. In addition, Ms R questioned why Santander didn’t contact her via email or secure message, as she lives abroad and that was her preferred method of contact. In a response issued towards the end of May 2025, Santander confirmed it hadn’t been able to listen to the call Ms R was unhappy about but reiterated the information requested was needed for Santander to meet its KYC responsibilities and to protect both the bank and Ms R from financial crime. Unhappy with these responses Ms R referred her complaint to our service. Ms R added that she felt she’d been treated like a criminal by Santander, due to the way it conducted the KYC review. And she didn’t answer calls from unrecognised phone numbers because of security concerns – she considered Santander should have sent her an online message, so a call could have been pre-arranged.

-- 1 of 4 --

One of our Investigators gathered the relevant information and in summary, made the following findings: • Santander had attempted to contact Ms R by phone, text message and letter in March and April 2025, to complete its KYC checks. As it didn’t receive a reply, a restriction was placed on Ms R’s account • Santander was meeting its legal and regulatory obligations when it conducted the review and there can be serious consequences for Santander if it doesn’t comply with such obligations • Although Ms R felt the review was excessive and intrusive, it was for Santander to decide what information it requested and how it completed the review • Santander has ongoing obligations and it’s required to ensure the information it holds about its customers is accurate and up to date • The KYC call lasted considerably longer than 30 minutes. This was partly due to Ms R expressing her dissatisfaction with the questions she was asked and challenging Santander’s staff member on several occasions during the call • Ms R was offered a call back as she mentioned she needed to attend her course. Ms R decided to stay on the call because she wanted the restriction on her account to be lifted - so Ms R had missed part of her course Ms R disagreed with the Investigator’s opinion. She made the following key points: • Ms R hadn’t received any prior communication from Santander regarding the KYC review • Our Investigator had failed to request a recording of the call that took place, even though Santander initially denied the lengthy call happened • Ms R had co-operated fully with Santander in 2024 when a thorough KYC review was completed. So, it was disproportionate and excessive for Santander to complete the review again in 2025 when there wasn’t any suspicious activity on Ms R’s account • Ms R hadn’t been treated fairly and in line with Santander’s regulatory requirements • A fair and independent investigation hadn’t been conducted by our service • Santander should issue an apology, cover Ms R’s financial losses and pay compensation for the distress and inconvenience caused • Santander hadn’t properly explained the basis for which it required the information it requested from Ms R As an agreement couldn’t be reached, the complaint has been referred to an ombudsman for a final decision. What I’ve decided – and why I’ve considered all the available evidence and arguments to decide what’s fair and reasonable in the circumstances of this complaint. I’m very aware that I’ve summarised the events in this complaint in far less detail than Ms R has and I’ve done so using my own words. No discourtesy is intended by me in taking this approach. Instead, I’ve focussed on what I think are the key issues here. Our rules allow me to do this. This simply reflects the informal nature of our service as a free alternative to the courts. If there’s something I’ve not mentioned, it isn’t because I’ve ignored it. I’m satisfied I don’t need to comment on every individual argument to be able to reach what I think is the

-- 2 of 4 --

right outcome. I do stress however that I’ve considered everything Ms R and Santander have said before reaching my decision. Firstly, in response to the Investigator’s view, Ms R has said she is concerned that the Investigator is biased because they haven’t upheld her complaint – with the implication being that the bank is influencing our conclusions inappropriately. Whilst I do recognise her concern, as an ombudsman service our approach is to consider what both parties say and then reach our own independent conclusions on that evidence. That is what I have done on this complaint. If Ms R does not agree with my decision, she does not have to accept it, and if she does not accept this final decision, she will be free to continue to pursue her concerns by other means should she wish to do so. I cannot, however, advise her on how to go about doing that. Having reviewed all the evidence I deem pertinent; I’ve reached the same outcome as the Investigator - I’ll explain why. Santander has important legal and regulatory responsibilities to meet when providing accounts to customers. These obligations generally cover the entire period of its customer relationship – from application to eventually the end of the relationship. They can broadly be summarised as a responsibility to know its customer, monitor accounts, verify the source and purpose of funds, as well as detect and prevent other financial harm. This includes KYC checks and/or Customer Due Diligence (CDD). It’s worth noting these checks include not just the verification of a customer’s identity but also establishing the purpose and intended nature of the business relationship and origin of funds. It’s common practice for banks and other financial service providers to carry out regular reviews, and further KYC checks. And that is what happened here. The Financial Conduct Authority (FCA) has set out detailed guidelines for KYC requirements that each financial business must comply with. It's worth noting though that there is no set way in which the regulator requires a business to meet their KYC requirements. Each business will have their own individual procedures with respect to KYC requirements. This is to ensure each business can meet their regulatory requirements but also have the autonomy to operate its business as it sees fit. So, whilst I’ve considered Ms R’s general comments about Santander’s approach to discharging its regulatory duties, I haven’t seen anything to persuade me its processes were unreasonable or disproportionate. One of the issues Ms R has mentioned is the repeated requests for information from her. Santander is required to take steps to ensure its knowledge about its relationship with Ms R remained current, even if a review had been recently conducted. So, I find Santander’s actions to have been reasonable and in keeping with its wider regulatory duties. Ms R says Santander should have contacted her through secure message or email, as she lives abroad and doesn’t answer calls from phone numbers she doesn’t recognise. And Ms R told us that she didn’t receive any prior communication from Santander regarding the KYC review. From the evidence provided by Santander, I’m satisfied it attempted to contact Ms R in April and May 2025 by phone, text and letter – which was sent to Ms R’s UK address as that is the address registered with Santander. I recognise Ms R found completing the KYC review with Santander over the phone to be frustrating and inconvenient. Santander explained to Ms R that its process is to carry out its KYC reviews over the phone. I should highlight it is not within this service’s remit to tell a business how to run their KYC processes or procedures. It would be the role of the regulator – the FCA who have the power to instruct Santander to make changes to its policies and procedures, if necessary.

-- 3 of 4 --

I’ve carefully considered Ms R’s comments that the conduct of Santander’s adviser during the phone call breached Santander’s regulatory responsibilities to treat customers fairly. Having listened to the call between Ms R and Santander, I recognise Ms R was advised at the outset that the call should take around 30 minutes. Whilst the call took considerably longer than this, I consider the call duration was predominantly extended due to Ms R raising multiple concerns and querying several aspects of the KYC process, which the adviser needed to address and clarify. Ms R seemed frustrated with the duration of the call, noting she wished to conclude it so she could begin her course. This was evidenced in a number of her comments to Santander's adviser, some of which were discourteous in tone. Although Ms R was offered a call back, she declined this option because she wanted the account restriction to be resolved within the same call. Overall, I don’t consider Ms R was treated unfairly during her interaction with the adviser, whilst the KYC review was being completed. I appreciate Ms R wanted the restriction on her account to be lifted, so she could make an important payment. But Ms R had the option of contacting Santander at a more convenient time to finish the KYC review and as mentioned above, Santander had tried to contact Ms R on several occasions prior to restricting her account, to complete the review. So, it follows that I won’t be asking Santander to reimburse Ms R the cost of her training course, which she partly missed. I note Ms R is concerned about the level of information Santander requested and has indicated Santander has failed to explain the lawful basis for collecting her data. And Ms R has questioned whether this aligns with UK GDPR principles. It isn’t our service’s role to decide whether there has been a breach of data protection rules here - that is for the Information Commissioner’s Office (ICO) to determine, but instead to see what has happened and whether Ms R has been treated fairly. If Ms R remains unhappy with the response she receives, she may wish to complain to the ICO, should she feel Santander has breached data laws. In summary, as I don’t think Santander has done anything wrong here, I see no basis on which to ask it to cover the costs Ms R has requested or award any compensation for the distress and inconvenience Ms R says she has suffered. My final decision For the reasons above, I have decided not to uphold this complaint. Under the rules of the Financial Ombudsman Service, I’m required to ask Ms R to accept or reject my decision before 26 May 2026. Khadijah Nakhuda Ombudsman

-- 4 of 4 --